HIPAA Security Rule Certification (NIST 800-66 R2)

The Secure Controls Framework Conformity Assessment Program (SCF CAP) offers a certification path for the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Successfully completing the SCF CAP assessment will award the Organization Seeking Assessment (OSA) with the designation of SCF Certified - HIPAA Security Rule

The SCF CAP Is Your Path To Become HIPAA Security Rule Certified The SCF CAP is focused on using the SCF as the control set to provide a company-level certification. While the SCF-CAP shares some similarities with other existing, single-focused certifications (e.g., ISO 27001, CMMC, FedRAMP, etc.), the SCF CAP is unique in its metaframework approach to covering cybersecurity and data protection requirements that span multiple laws, regulations and frameworks. SCF Certified - HIPAA Security Rule - Official Assessment Guide If you want to get SCF Certified for the HIPAA Security Rule, you can download the HIPAA Security Rule (NIST SP 800-66) assessment guide at: https://securecontrolsframework.com/content/cap/ag-hipaa-security-rule-v-1-0.pdf This certification shows how your organization is compliant with the requirements listed within the HIPAA Sercurity Rule and reflect its willingness and dedication to ensuring electronic protected health information (ePHI) is adequately protected. You can view the other assessment guides the SCF CAP provides at: https://securecontrolsframework.com/certification/assessment-guides/.

The SCF CAP is designed for cybersecurity & privacy practitioners by cybersecurity & data privacy practitioners. This concept is based on the need within the industry for a tailored conformity assessment solution that is capable of addressing several key considerations:

• View compliance as a natural by-product of secure practices;
• Scale to address multifaceted operational requirements (e.g., laws, regulations and frameworks);
• Acknowledge the stated risk tolerance of the OSC since not all organizations have the same risk tolerance;
• Minimize the risk of “gaming” the certification process that provides no useful insights into the security posture of the OSA;
• Utilize technology to make the assessment process more efficient to drive down labor-related assessment costs; and
• Leverage existing industry recognized practices, where possible.

HIPAA / HITECH Policies, Standards & Procedures

ComplianceForge has editable policies, standards and procedures for HIPAA / HITECH to assist your organization earning a HIPAA Security Rule certification as part of the SCF CAP:

1. Digital Security Program (DSP)
   • Is an enterprise-class solution for SCF-based policies, control objectives, standards, guidelines, metrics and more.
   • Provides complete coverage for all SCF controls.
   • All SCF-based policies map 1-1 with SCF domains.
   • All SCF-based standards map 1-1 with SCF controls
   • Comes in both Word and Excel formats, so the DSP can be imported into a GRC platform that accepts policies and standards.
2. Cybersecurity Standardized Operating Procedures (CSOP)
   • Provides SCF-based procedures that compliment the standards in the DSP.
   • Provides complete coverage for all SCF controls.
   • All procedures map 1-1 with SCF controls.
   • Comes in both Word and Excel formats, so the CSOP can be imported into a GRC platform that accepts procedures.
3. NIST Cybersecurity Framework 2.0 (NIST CSF 2.0) Policies & Standards
   • Tailored for NIST CSF 2.0.
   • All SCF-based policies to address NIST CSF 2.0 requirements.
   • All SCF-based standards to address NIST CSF 2.0 requirements.
4. NIST CSF 2.0 Procedures
   • Tailored for NIST CSF 2.0.
   • All SCF-based procedures to address NIST CSF 2.0 requirements.